<?php 
/* class static classAuthority
 *
 * description:
 * Authorize action like login logout
 *
 *
 * 
 * since version: 0.1
 */
require_once('mysql.php');;
class Authority{
  /**
   *  function: static function login($username,$password)
   *
   *  description: handle login request ,set cookie
   *
   *  param string $username $password (not md5)
   *
   *  return boolean
   *
   *  @since version: 0.2 
   */
  static function login($username,$password)
  {
    $con = MySQL::get_con();
    if(!$con)
      {
	return false;
      }
    if(!MySQL::ckstr($username))
      {
	return false;
      }
    if(!MySQL::ckstr($password))
      {
	return false;
      }
    $pwdmd5 = md5($password);
    $result = mysql_query("SELECT * FROM client WHERE username = '$username' and password = '$pwdmd5'",$con);
    if(mysql_num_rows($result)==0)
      return false;
    setcookie("username",$username);
    setcookie("password",$pwdmd5);
    return true;
  }

  /**
   *  function: static function logout()
   *
   *  description: remove cookie
   *
   *  param void
   *
   *  return boolean
   *
   *  @since version: 0.2 
   */
  static function logout()
  {
    if(!Authority::is_login())
      {
	return false;
      }
    setcookie("username",'');
    setcookie('password','');
    return true;
  }

  /**
   *  function: static function is_login()
   *
   *  description: check cookie if is login
   *
   *  param void
   *
   *  return boolean
   *
   *  @since version: 0.2 
   */
  static function is_login()
  {
    $username = @$_COOKIE['username'];
    $password = @$_COOKIE['password'];
    if(!isset($username,$password))
      {
	return false;
      }
    if(!MySQL::ckstr($username))
      {
	return false;
      }
    if(!MySQL::ckstr($password))
      {
	return false;
      }
    $con = MySQL::get_con();
    if(!$con)
      {
	
    echo 123;
	return false;
      }
    $result = mysql_query("SELECT * FROM client WHERE username = '$username' and password = '$password'",$con);
    if(mysql_num_rows($result)==1)
      {
	return true;
      }
    return false;
    
  }

  /**
   *  function: static function is_manager()
   *
   *  description: check is_login and check if is manager
   *
   *  param void 
   *
   *  return boolean
   *
   *  @since version: 0.2 
   */
  static function is_manager()
  {
    if(!Authority::is_login())
      {
	return false;
      }
    $username = $_COOKIE['username'];
    if(!MySQL::ckstr($username))
      {
	return false;
      }
    $con = MySQL::get_con();
    if(!$con)
      {
	return false;
      }
    $result = mysql_query("SELECT * FROM manager_list WHERE username = '$username'",$con);
    if(mysql_num_rows($result)==1)
      {
	return true;
      }
    return false;
  }

  /**
   *  function: statif function set_manager($username)
   *
   *  description: set a user to manager
   *
   *  param string $username
   *
   *  return boolean
   *
   *  @since version: 0.2 
   */
  static function set_manager($username)
  {
    if(!Authority::is_manager())
      {
	return false;
      }
    if(!isset($username))
      {
	return false;
      }
    if(!MySQL::ckstr($username))
      {
	return false;
      }
    $con = MySQL::get_con();
    if(!$con)
      {
	return false;	
      }
    $result = mysql_query("INSERT INTO manager_list SET username = '$username'",$con);
    if(!$result)
      {
	return false;
      }
    if(mysql_affected_rows()!=1)
      {
	return false;
      }
    return true;
  }

  /**
   *  function: static function unset_manager($username)
   *
   *  description: uset a user manager
   *
   *  param string $username
   *
   *  return boolean
   *
   *  @since version: 0.2 
   */
  static function unset_manager($username)
  {
    if(!Authority::is_manager())
      {
	return false;
      }
    if(!isset($username))
      {
	return false;
      }
    if(!MySQL::ckstr($username))
      {
	return false;
      }
    $con  = MySQL::get_con();
    if(!$con)
      {
	return false;
      }
    $result = mysql_query("DELETE FROM manager_list WHERE username = '$username'",$con);
    if(!$result)
      {
	return false;
      }
    if (mysql_affected_rows()!=1)
      {
	return false;
      }
    return true;
  }
}
?>